iPXE
eap.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2021 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdlib.h>
27 #include <errno.h>
28 #include <string.h>
29 #include <byteswap.h>
30 #include <ipxe/netdevice.h>
31 #include <ipxe/eap.h>
32 
33 /** @file
34  *
35  * Extensible Authentication Protocol
36  *
37  */
38 
39 /**
40  * Transmit EAP response
41  *
42  * @v supplicant EAP supplicant
43  * @v rsp Response type data
44  * @v rsp_len Length of response type data
45  * @ret rc Return status code
46  */
47 int eap_tx_response ( struct eap_supplicant *supplicant,
48  const void *rsp, size_t rsp_len ) {
49  struct net_device *netdev = supplicant->netdev;
50  struct eap_message *msg;
51  size_t len;
52  int rc;
53 
54  /* Allocate and populate response */
55  len = ( sizeof ( *msg ) + rsp_len );
56  msg = malloc ( len );
57  if ( ! msg ) {
58  rc = -ENOMEM;
59  goto err_alloc;
60  }
61  msg->hdr.code = EAP_CODE_RESPONSE;
62  msg->hdr.id = supplicant->id;
63  msg->hdr.len = htons ( len );
64  msg->type = supplicant->type;
65  memcpy ( msg->data, rsp, rsp_len );
66  DBGC ( netdev, "EAP %s Response id %#02x type %d\n",
67  netdev->name, msg->hdr.id, msg->type );
68 
69  /* Transmit response */
70  if ( ( rc = supplicant->tx ( supplicant, msg, len ) ) != 0 ) {
71  DBGC ( netdev, "EAP %s could not transmit: %s\n",
72  netdev->name, strerror ( rc ) );
73  goto err_tx;
74  }
75 
76  err_tx:
77  free ( msg );
78  err_alloc:
79  return rc;
80 }
81 
82 /**
83  * Transmit EAP NAK
84  *
85  * @v supplicant EAP supplicant
86  * @ret rc Return status code
87  */
88 static int eap_tx_nak ( struct eap_supplicant *supplicant ) {
89  struct net_device *netdev = supplicant->netdev;
90  unsigned int max = table_num_entries ( EAP_METHODS );
91  uint8_t methods[ max + 1 /* potential EAP_TYPE_NONE */ ];
92  unsigned int count = 0;
93  struct eap_method *method;
94 
95  /* Populate methods list */
96  DBGC ( netdev, "EAP %s Nak offering types {", netdev->name );
98  if ( method->type > EAP_TYPE_NAK ) {
99  DBGC ( netdev, "%s%d",
100  ( count ? ", " : "" ), method->type );
101  methods[count++] = method->type;
102  }
103  }
104  if ( ! count )
105  methods[count++] = EAP_TYPE_NONE;
106  DBGC ( netdev, "}\n" );
107  assert ( count <= max );
108 
109  /* Transmit response */
110  supplicant->type = EAP_TYPE_NAK;
111  return eap_tx_response ( supplicant, methods, count );
112 }
113 
114 /**
115  * Handle EAP Request-Identity
116  *
117  * @v supplicant EAP supplicant
118  * @v req Request type data
119  * @v req_len Length of request type data
120  * @ret rc Return status code
121  */
122 static int eap_rx_identity ( struct eap_supplicant *supplicant,
123  const void *req, size_t req_len ) {
124  struct net_device *netdev = supplicant->netdev;
125  void *rsp;
126  int rsp_len;
127  int rc;
128 
129  /* Treat Request-Identity as blocking the link */
130  DBGC ( netdev, "EAP %s Request-Identity blocking link\n",
131  netdev->name );
132  DBGC_HDA ( netdev, 0, req, req_len );
134 
135  /* Mark EAP as in progress */
136  supplicant->flags |= EAP_FL_ONGOING;
137 
138  /* Construct response, if applicable */
140  &username_setting, &rsp );
141  if ( rsp_len < 0 ) {
142  /* We have no identity to offer, so wait until the
143  * switch times out and switches to MAC Authentication
144  * Bypass (MAB).
145  */
146  DBGC2 ( netdev, "EAP %s has no identity\n", netdev->name );
147  supplicant->flags |= EAP_FL_PASSIVE;
148  rc = 0;
149  goto no_response;
150  }
151 
152  /* Transmit response */
153  if ( ( rc = eap_tx_response ( supplicant, rsp, rsp_len ) ) != 0 )
154  goto err_tx;
155 
156  err_tx:
157  free ( rsp );
158  no_response:
159  return rc;
160 }
161 
162 /** EAP Request-Identity method */
163 struct eap_method eap_identity_method __eap_method = {
165  .rx = eap_rx_identity,
166 };
167 
168 /**
169  * Handle EAP Request
170  *
171  * @v supplicant EAP supplicant
172  * @v msg EAP request
173  * @v len Length of EAP request
174  * @ret rc Return status code
175  */
176 static int eap_rx_request ( struct eap_supplicant *supplicant,
177  const struct eap_message *msg, size_t len ) {
178  struct net_device *netdev = supplicant->netdev;
179  struct eap_method *method;
180  const void *req;
181  size_t req_len;
182 
183  /* Sanity checks */
184  if ( len < sizeof ( *msg ) ) {
185  DBGC ( netdev, "EAP %s underlength request:\n", netdev->name );
186  DBGC_HDA ( netdev, 0, msg, len );
187  return -EINVAL;
188  }
189  if ( len < ntohs ( msg->hdr.len ) ) {
190  DBGC ( netdev, "EAP %s truncated request:\n", netdev->name );
191  DBGC_HDA ( netdev, 0, msg, len );
192  return -EINVAL;
193  }
194  req = msg->data;
195  req_len = ( ntohs ( msg->hdr.len ) - sizeof ( *msg ) );
196 
197  /* Record request details */
198  supplicant->id = msg->hdr.id;
199  supplicant->type = msg->type;
200  DBGC ( netdev, "EAP %s Request id %#02x type %d\n",
201  netdev->name, msg->hdr.id, msg->type );
202 
203  /* Handle according to type */
205  if ( msg->type == method->type )
206  return method->rx ( supplicant, req, req_len );
207  }
208  DBGC ( netdev, "EAP %s requested type %d unknown:\n",
209  netdev->name, msg->type );
210  DBGC_HDA ( netdev, 0, msg, len );
211 
212  /* Send NAK if applicable */
213  if ( msg->type > EAP_TYPE_NAK )
214  return eap_tx_nak ( supplicant );
215 
216  return -ENOTSUP;
217 }
218 
219 /**
220  * Handle EAP Success
221  *
222  * @v supplicant EAP supplicant
223  * @ret rc Return status code
224  */
225 static int eap_rx_success ( struct eap_supplicant *supplicant ) {
226  struct net_device *netdev = supplicant->netdev;
227 
228  /* Mark authentication as complete */
229  supplicant->flags = EAP_FL_PASSIVE;
230 
231  /* Mark link as unblocked */
232  DBGC ( netdev, "EAP %s Success\n", netdev->name );
234 
235  return 0;
236 }
237 
238 /**
239  * Handle EAP Failure
240  *
241  * @v supplicant EAP supplicant
242  * @ret rc Return status code
243  */
244 static int eap_rx_failure ( struct eap_supplicant *supplicant ) {
245  struct net_device *netdev = supplicant->netdev;
246 
247  /* Mark authentication as complete */
248  supplicant->flags = EAP_FL_PASSIVE;
249 
250  /* Record error */
251  DBGC ( netdev, "EAP %s Failure\n", netdev->name );
252  return -EPERM;
253 }
254 
255 /**
256  * Handle EAP packet
257  *
258  * @v supplicant EAP supplicant
259  * @v data EAP packet
260  * @v len Length of EAP packet
261  * @ret rc Return status code
262  */
263 int eap_rx ( struct eap_supplicant *supplicant, const void *data,
264  size_t len ) {
265  struct net_device *netdev = supplicant->netdev;
266  const union eap_packet *eap = data;
267 
268  /* Sanity check */
269  if ( len < sizeof ( eap->hdr ) ) {
270  DBGC ( netdev, "EAP %s underlength header:\n", netdev->name );
271  DBGC_HDA ( netdev, 0, eap, len );
272  return -EINVAL;
273  }
274 
275  /* Handle according to code */
276  switch ( eap->hdr.code ) {
277  case EAP_CODE_REQUEST:
278  return eap_rx_request ( supplicant, &eap->msg, len );
279  case EAP_CODE_RESPONSE:
280  DBGC2 ( netdev, "EAP %s ignoring response\n", netdev->name );
281  return 0;
282  case EAP_CODE_SUCCESS:
283  return eap_rx_success ( supplicant );
284  case EAP_CODE_FAILURE:
285  return eap_rx_failure ( supplicant );
286  default:
287  DBGC ( netdev, "EAP %s unsupported code %d\n",
288  netdev->name, eap->hdr.code );
289  DBGC_HDA ( netdev, 0, eap, len );
290  return -ENOTSUP;
291  }
292 }
293 
294 /* Drag in objects via eap_rx() */
296 
297 /* Drag in EAP configuration */
298 REQUIRE_OBJECT ( config_eap );
#define EINVAL
Invalid argument.
Definition: errno.h:428
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
#define EAP_TYPE_NONE
EAP "no available types" marker.
Definition: eap.h:44
#define max(x, y)
Definition: ath.h:39
struct eap_message msg
Request/response message.
Definition: eap.h:103
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition: settings.c:821
static int eap_rx_failure(struct eap_supplicant *supplicant)
Handle EAP Failure.
Definition: eap.c:244
Error codes.
#define EAP_CODE_REQUEST
EAP request.
Definition: eap.h:28
struct eap_header hdr
Header.
Definition: eap.h:101
#define DBGC(...)
Definition: compiler.h:505
REQUIRING_SYMBOL(eap_rx)
An EAP supplicant.
Definition: eap.h:138
#define EAP_METHODS
EAP method table.
Definition: eap.h:193
int eap_rx(struct eap_supplicant *supplicant, const void *data, size_t len)
Handle EAP packet.
Definition: eap.c:263
#define ntohs(value)
Definition: byteswap.h:136
uint8_t method
Definition: ib_mad.h:14
EAP request/response message.
Definition: eap.h:34
uint8_t id
ID for current request/response.
Definition: eap.h:144
static struct settings * netdev_settings(struct net_device *netdev)
Get per-netdevice configuration settings block.
Definition: netdevice.h:583
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
#define EAP_CODE_RESPONSE
EAP response.
Definition: eap.h:31
#define EAP_CODE_FAILURE
EAP failure.
Definition: eap.h:96
#define ENOMEM
Not enough space.
Definition: errno.h:534
uint8_t type
Type.
Definition: eap.h:179
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int eap_rx_success(struct eap_supplicant *supplicant)
Handle EAP Success.
Definition: eap.c:225
EAP packet.
Definition: eap.h:99
int eap_tx_response(struct eap_supplicant *supplicant, const void *rsp, size_t rsp_len)
Transmit EAP response.
Definition: eap.c:47
void netdev_link_block(struct net_device *netdev, unsigned long timeout)
Mark network device link as being blocked.
Definition: netdevice.c:247
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define DBGC_HDA(...)
Definition: compiler.h:506
REQUIRE_OBJECT(config_eap)
void netdev_link_unblock(struct net_device *netdev)
Mark network device link as being unblocked.
Definition: netdevice.c:262
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
static struct net_device * netdev
Definition: gdbudp.c:52
#define EAP_FL_PASSIVE
EAP supplicant is passive.
Definition: eap.h:174
#define EAP_FL_ONGOING
EAP authentication is in progress.
Definition: eap.h:164
uint64_t rsp
Definition: librm.h:267
static int eap_tx_nak(struct eap_supplicant *supplicant)
Transmit EAP NAK.
Definition: eap.c:88
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
A network device.
Definition: netdevice.h:352
unsigned char uint8_t
Definition: stdint.h:10
#define EAP_TYPE_IDENTITY
EAP identity.
Definition: eap.h:47
#define EAP_CODE_SUCCESS
EAP success.
Definition: eap.h:93
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
static int eap_rx_request(struct eap_supplicant *supplicant, const struct eap_message *msg, size_t len)
Handle EAP Request.
Definition: eap.c:176
#define EAP_TYPE_NAK
EAP NAK.
Definition: eap.h:50
#define EPERM
Operation not permitted.
Definition: errno.h:614
Network device management.
static int eap_rx_identity(struct eap_supplicant *supplicant, const void *req, size_t req_len)
Handle EAP Request-Identity.
Definition: eap.c:122
char name[NETDEV_NAME_LEN]
Name of this network device.
Definition: netdevice.h:362
int(* tx)(struct eap_supplicant *supplicant, const void *data, size_t len)
Transmit EAP response.
Definition: eap.h:155
uint32_t len
Length.
Definition: ena.h:14
#define DBGC2(...)
Definition: compiler.h:522
struct eap_method eap_identity_method __eap_method
EAP Request-Identity method.
Definition: eap.c:163
uint16_t count
Number of entries.
Definition: ena.h:22
uint8_t code
Code.
Definition: eap.h:20
uint8_t type
Type for current request/response.
Definition: eap.h:146
uint8_t data[48]
Additional event data.
Definition: ena.h:22
#define EAP_BLOCK_TIMEOUT
EAP link block timeout.
Definition: eap.h:117
struct net_device * netdev
Network device.
Definition: eap.h:140
String functions.
#define htons(value)
Definition: byteswap.h:135
Extensible Authentication Protocol.
uint16_t flags
Flags.
Definition: eap.h:142
static void msg(unsigned int row, const char *fmt,...)
Print message centred on specified row.
Definition: settings_ui.c:285
#define table_num_entries(table)
Get number of entries in linker table.
Definition: tables.h:335
An EAP method.
Definition: eap.h:177